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RADIUS Attributes for IEEE 802.16 
Privacy Key Management Version 1 (PKMv1) Protocol Support 
Abstract 
This document defines a set of Remote Authentication Dial-In User 
Service (RADIUS) Attributes that are designed to provide RADIUS 
support for IEEE 802.16 Privacy Key Management Version 1. 


Status of This Memo 


This document is not an Internet Standards Track specification; it is 
published for informational purposes. 


This document is a product of the Internet Engineering Task Force 


(IETF). It represents the consensus of the IETF community. It has 
received public review and has been approved for publication by the 
Internet Engineering Steering Group (IESG). Not all documents 


approved by the IESG are a candidate for any level of Internet 
Standard; see Section 2 of RFC 5741. 


Information about the current status of this document, any errata, 
and how to provide feedback on it may be obtained at 
http://www.rfc-editor.org/info/rfc5904. 
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This document may contain material from IETF Documents or IETF 
Contributions published or made publicly available before November 
10, 2008. The person(s) controlling the copyright in some of this 
material may not have granted the IETF Trust the right to allow 
modifications of such material outside the IETF Standards Process. 
Without obtaining an adequate license from the person(s) controlling 
the copyright in such materials, this document may not be modified 
outside the IETF Standards Process, and derivative works of it may 
not be created outside the IETF Standards Process, except to format 
it for publication as an RFC or to translate it into languages other 
than English. 
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Les 


Introduction 


Privacy Key Management Version 1 (PKMv1) [IEEE.802.16-2004] is a 
public-key-based authentication and key establishment protocol 
typically used in fixed wireless broadband network deployments. The 
protocol utilizes X.509 v3 certificates [RFC2459], RSA encryption 
[RFC2437], and a variety of secret key cryptographic methods to allow 
an 802.16 Base Station (BS) to authenticate a Subscriber Station (SS) 
and perform key establishment and maintenance between an SS and BS. 


This document defines a set of RADIUS Attributes that are designed to 
provide support for PKMv1. The target audience for this document 
consists of those developers implementing RADIUS support for PKMvl; 
therefore, familiarity with both RADIUS [RFC2865] and the IEEE 
802.16-2004 standard is assumed. 


Please note that this document relies on IEEE.802.16-2004, which 
references RFC 2437 and RFC 2459, rather than any more recent RFCS on 
RSA and X.509 certificates (e.g., RFC 3447 and RFC 5280). 

Acronyms 

CA 


Certification Authority; a trusted party issuing and signing X.509 
certificates. 


For further information on the following terms, please see Section 7 
of [IEEE.802.16-2004]. 


SA 
Security Association 


SAID 
Security Association Identifier 


TEK 
Traffic Encryption Key 


Attributes 


The following subsections describe the Attributes defined by this 
document. This specification concerns the following values: 


137 PKM-SS-Cert 
138 PKM-CA-Cert 


139 PKM-Config-Settings 
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140 PKM-Cryptosuite-List 
141 PKM-SAID 
142 PKM-SA-Descriptor 
143 PKM-Auth-Key 
3.1. PKM-SS-Cert 
Description 


The PKM-SS-Cert Attribute is variable length and MAY be 
transmitted in the Access-Request message. The Value field is of 
type string and contains the X.509 certificate [RFC2459] binding a 
public key to the identifier of the Subscriber Station. 


The minimum size of an SS certificate exceeds the maximum size of 
a RADIUS attribute. Therefore, the client MUST encapsulate the 
certificate in the Value fields of two or more instances of the 
PKM-SS-Cert Attribute, each (except possibly the last) having a 
length of 255 octets. These multiple PKM-SS-Cert Attributes MUST 
appear consecutively and in order within the packet. Upon 
receipt, the RADIUS server MUST recover the original certificate 
by concatenating the Value fields of the received PKM-SS-Cert 
Attributes in order. 


A summary of the PKM-SS-Cert Attribute format is shown below. The 
fields are transmitted from left to right. 


1 2 
012345678901 234567890123 
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 
| Type | Len | Value... 
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 


Type 

137 for PKM-SS-Cert 
Len 

> 2 
Value 


The Value field is variable length and contains a (possibly 
complete) portion of an X.509 certificate. 
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3.2. PKM-CA-Cert 
Description 


The PKM-CA-Cert Attribute is variable length and MAY be 
transmitted in the Access-Request message. The Value field is of 
type string and contains the X.509 certificate [RFC2459] used by 
the CA to sign the SS certificate carried in the PKM-SS-Cert 
attribute (Section 3.1) in the same message. 


The minimum size of a CA certificate exceeds the maximum size of a 
RADIUS attribute. Therefore, the client MUST encapsulate the 
certificate in the Value fields of two or more instances of the 
PKM-CA-Cert Attribute, each (except possibly the last) having a 
length of 255 octets. These multiple PKM-CA-Cert Attributes MUST 
appear consecutively and in order within the packet. Upon 
receipt, the RADIUS server MUST recover the original certificate 
by concatenating the Value fields of the received PKM-CA-Cert 
Attributes in order. 


A summary of the PKM-CA-Cert Attribute format is shown below. The 
fields are transmitted from left to right. 


1 2 
Oo A 23486. B89: 00d. 234-560 1,0859 500 Th De 3 
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 
| Type | Len | Value... 
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 


Type 

138 for PKM-CA-Cert 
Len 

> 2 
Value 


The Value field is variable length and contains a (possibly 
complete) portion of an X.509 certificate. 
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PKM-Config-Settings 
Description 


The PKM-Config-Settings Attribute is of type string [RFC2865]. 
is 30 octets in length and consists of seven independent fields, 
each of which is conceptually an unsigned integer. Each of the 
fields contains a timeout value and corresponds to a Type-Length- 
Value (TLV) tuple encapsulated in the IEEE 802.16 "PKM 
configuration settings" attribute; for details on the contents of 
each field, see Section 11.9.19 of [IEEE.802.16-2004]. One 
instance of the PKM-Config-Settings Attribute MAY be included in 
the Access-Accept message. 


A summary of the PKM-Config-Settings Attribute format is shown below. 


The fields are transmitted from left to right. 


1 2 3 
01234567890123456789012345678901 
dh ta tata q tata tata tata tata ta ++ + +++ + ++ +++ +++ += 

| Type | Len | Auth Wait Timeout 
Fat + Ph q tata tata ta tata + ta ++ + + +++ + +++ ++ +++ 
Auth Wait Timeout (cont.) | Reauth Wait Timeout 
dh + + hd E hd + + + + ta ++ + + +++ + +++ ++ +++ 
Reauth Wait Timeout (cont.) | Auth Grace Time 
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ hh + ++ ++ ++ +++ 
Auth Grace Time (cont.) | Op Wait Timeout 
tata + Ph q e hd + + + + ta ++ + + +++ ++ ++ ++ +=+=+=-+ 
Op Wait Timeout (cont.) | Rekey Wait Timeout 
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ ta ++ ++ +++ ++ ++ ++ +++ 
Rekey Wait Timeout (cont.) | TEK Grace Time 
dh + + hd + hd + + tata ta ++ ++ +++ ++ ++ ++ +++ 
TEK Grace Time (cont.) | Auth Rej Wait Timeout 
dh + Ph q tata tata ta + + + ta ++ ++ +++ ++ ++ ++ +++ 
Auth Rej Wait Timeout (cont.) | 
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 


Type 
139 for PKM-Config-Settings 
Len 


30 
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Auth Wait Timeout 
The Auth Wait Timeout field is 4 octets in length and corresponds 
to the "Authorize wait timeout" field of the 802.16 "PKM 
configuration settings" attribute. 

Reauth Wait Timeout 
The Reauth Wait Timeout field is 4 octets in length and 
corresponds to the "Reauthorize wait timeout" field of the 802.16 
"PKM configuration settings" attribute. 

Auth Grace Time 
The Auth Grace Time field is 4 octets in length and corresponds to 
the "Authorize grace time" field of the 802.16 "PKM configuration 
settings" attribute. 

Op Wait Timeout 
The Op Wait Timeout field is 4 octets in length and corresponds to 
the "Operational wait timeout" field of the 802.16 "PKM 
configuration settings" attribute. 

Rekey Wait Timeout 
The Rekey Wait Timeout field is 4 octets in length and corresponds 
to the "Rekey wait timeout" field of the 802.16 "PKM configuration 
settings" attribute. 

TEK Grace Time 
The TEK Grace Time field is 4 octets in length and corresponds to 
the "TEK grace time" field of the 802.16 "PKM configuration 
settings" attribute. 

Auth Rej Wait Timeout 
The Auth Rej Wait Timeout field is 4 octets in length and 


corresponds to the "Authorize reject wait timeout" field of the 
802.16 "PKM configuration settings" attribute. 
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3.4. PKM-Cryptosuite-List 
Description 


The PKM-Cryptosuite-List Attribute is of type string [RFC2865] and 
is variable length; it corresponds roughly to the "Cryptographic- 
Suite-List" 802.16 attribute (see Section 11.19.15 of 
[IEEE.802.16-2004]), the difference being that the RADIUS 
Attribute contains only the list of 3-octet cryptographic suite 
identifiers, omitting the IEEE Type and Length fields. 


The PKM-Cryptosuite-List Attribute MAY be present in an Access- 
Request message. Any message in which the PKM-Cryptosuite-List 
Attribute is present MUST also contain an instance of the Message- 
Authenticator Attribute [RFC3579]. 


Implementation Note 


The PKM-Cryptosuite-List Attribute is used as a building block 
to create the 802.16 "Security-Capabilities" attribute 
([IEEE.802.16-2004], Section 11.9.13); since this document only 
pertains to PKM version 1, the "Version" sub-attribute in that 
structure MUST be set to 0x01 when the RADIUS client constructs 
DER 


A summary of the PKM-Cryptosuite-List Attribute format is shown 
below. The fields are transmitted from left to right. 


a 2 3 
O23. AS 6 B90 -I 2 3 A o 89:0 Ts 2934 3 26: 7-8 9.0) 1 
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 
| Type | Len | Value... 
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 


Type 
140 for PKM-Cryptosuite-List 
Len 


2 + 3n < 39, where ’n’ is the number of cryptosuite identifiers in 
the list. 
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Value 


The Value field is variable length and contains a sequence of one 
or more cryptosuite identifiers, each of which is 3 octets in 
length and corresponds to the Value field of an IEEE 802.16 
Cryptographic-Suite attribute. 


3.5. PKM-SAID 
Description 


The PKM-SAID Attribute is of type string [RFC2865]. It is 4 
octets in length and contains a PKM Security Association 
Identifier ([IEEE.802.16-2004], Section 11.9.7). It MAY be 
included in an Access-Request message. 


A summary of the PKM-SAID Attribute format is shown below. The 
fields are transmitted from left to right. 


1 2 3 
O123 456783 9 0123 45678 90 1234-5 678 9 0-1 
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 
| Type | Len | SAID | 
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 
Type 
141 for PKM-SAID 


Len 


SAID 


The SAID field is two octets in length and corresponds to the 
Value field of the 802.16 PKM SAID attribute 


3.6. PKM-SA-Descriptor 
Description 
The PKM-SA-Descriptor Attribute is of type string and is 8 octets 
in length. It contains three fields, described below, which 
together specify the characteristics of a PKM security 


association. One or more instances of the PKM-SA-Descriptor 
Attribute MAY occur in an Access-Accept message. 
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A summary of the PKM-SA-Descriptor Attribute format is shown below. 
The fields are transmitted from left to right. 


1 2 3 
On 2) AO BIO LA 6 8 OS O AA SAS 67 8, 0900: 1 
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-++ 


| Type | Len | SAID | 
E ON 
| SA Type | Cryptosuite | 


+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 
Type 
142 for PKM-SA-Descriptor 
Len 
8 
SAID 


The SAID field is two octets in length and contains a PKM SAID 
(Section 3.5). 


SA Type 


The SA Type field is one octet in length. The contents correspond 
to those of the Value field of an IEEE 802.16 SA-Type attribute. 


Cryptosuite 


The Cryptosuite field is 3 octets in length. The contents 
correspond to those of the Value field of an IEEE 802.16 
Cryptographic-Suite attribute. 


3.7. PKM-AUTH-Key 
Description 


The PKM-AUTH-Key Attribute is of type string, 135 octets in 
length. It consists of 3 fields, described below, which together 
specify the characteristics of a PKM authorization key. The PKM- 
AUTH-Key Attribute MAY occur in an Access-Accept message. Any 
packet that contains an instance of the PKM-AUTH-Key Attribute 
MUST also contain an instance of the Message-Authenticator 
Attribute [RFC3579]. 
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A summary of the PKM-AUTH-Key Attribute format is shown below. The 
fields are transmitted from left to right. 


1 2 3 
01 2) 3-4 O PB 95-0 2 Ae. 6 8 9 01,2 3.403.068, DO. 1 
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-++ 


| Type | Len | Lifetime 
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 
Lifetime (cont.) | Sequence Key... 


+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 
Type 
143 for PKM-AUTH-Key 
Len 
135 
Lifetime 
The Lifetime field is 4 octets in length and represents the 
lifetime, in seconds, of the authorization key. For more 
information, see Section 11.9.4 of [IEEE.802.16-2004]. 


Sequence 


The Sequence field is one octet in length. The contents 
correspond to those of the Value field of an IEEE 802.16 Key- 
Sequence-Number attribute (see [IEEE.802.16-2004], Section 
11.9.5). 


Key 


The Key field is 128 octets in length. The contents correspond to 
those of the Value field of an IEEE 802.16 AUTH-Key attribute. 

The Key field MUST be encrypted under the public key from the 
Subscriber Station certificate (Section 3.1) using RSA encryption 
[REC2437]; see Section 7.5 of [IEEE.802.16-2004] for further 
details. 


Implementation Note 
It is necessary that a plaintext copy of this field be returned 


in the Access-Accept message; appropriate precautions MUST be 
taken to ensure the confidentiality of the key. 


Zorn Informational [Page 11] 


RFC 5904 RADIUS Attributes for PKMvl June 2010 


3.7.1. AUTH-Key Protection 


The PKM-AUTH-Key Attribute (Section 3.7) contains the AUTH-Key 
encrypted with the SS’s public key. The BS also needs the AK, so a 
second copy of the AK needs to be returned in the Access-Accept 
message. 


It is RECOMMENDED that the AK is encapsulated in an instance of the 
MS-MPPE-Send-Key Attribute [RFC2548]. However, see Section 4.3.4 of 
RFC 3579 [RFC3579] for details regarding weaknesses in the encryption 
scheme used. 


If better means for protecting the Auth-Key are available (such as 
RADIUS key attributes with better security properties, or means of 
protecting the whole Access-Accept message), they SHOULD be used 
instead of (or in addition to) the MS-MPPE-Send-Key Attribute. 


4. Table of Attributes 


The following table provides a guide to which attributes may be found 
in which kinds of packets, and in what quantity. 


Request Accept Reject Challenge Acct-Req + Attribute 

0+ 0 0 0 0 137 PKM-SS-Cert [Note 1] 

138 PKM-CA-Cert [Note 2] 

139 PKM-Config-Settings 

140 PKM-Cryptosuite-List 

141 PKM-SAID 

142 PKM-SA-Descriptor 

143 PKM-Auth-Key 
MS-MPPE-Send-Key 

[Note 3] 


TO OOOO T 
T OCTO O O 
o0o00000o0o0o 


[Note 1] 
No more than one Subscriber Station Certificate may be transferred 
in an Access-Request packet. 


[Note 2] 
No more than one CA Certificate may be transferred in an Access- 
Request packet. 


[Note 3] 
MS-MPPE-Send-Key is one possible attribute that can be used to 
convey the AK to the BS; other attributes can be used instead (see 
Section 3.7.1). 
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The following table defines the meaning of the above table entries. 

0 This attribute MUST NOT be present in packet 

0+ Zero or more instances of this attribute MAY be present in packet 

0-1 Zero or one instance of this attribute MAY be present in packet 

I Exactly one instance of this attribute MUST be present in packet 
5. Diameter Considerations 

Since the Attributes defined in this document are allocated from the 

standard RADIUS type space (see Section 7), no special handling is 

required by Diameter nodes. 


6. Security Considerations 


Section 4 of RFC 3579 [RFC3579] discusses vulnerabilities of the 
RADIUS protocol. 


Section 3 of the paper "Security Enhancements for Privacy and Key 
Management Protocol in IEEE 802.16e-2005" [SecEn] discusses the 
operation and vulnerabilities of the PKMv1 protocol. 

If the Access-Request message is not subject to strong integrity 
protection, an attacker may be able to modify the contents of the 
PKM-Cryptosuite-List Attribute, weakening 802.16 security or 
disabling data encryption altogether. 

If the Access-Accept message is not subject to strong integrity 
protection, an attacker may be able to modify the contents of the 
PKM-Auth-Key Attribute. For example, the Key field could be replaced 
with a key known to the attacker. 


See Section 3.7.1 for security considerations of sending the 
authorization key to the BS. 


7. IANA Considerations 
IANA has assigned numbers for the following Attributes: 
137 PKM-SS-Cert 
138 PKM-CA-Cert 
139 PKM-Config-Settings 


140 PKM-Cryptosuite-List 


141 PKM-SAID 
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10. 


10. 


10 


142 PKM-SA-Descriptor 


143 PKM-Auth-Key 


The Attribute numbers are to be allocated from the standard RADIUS 
Attribute type space according to the "IETF Review" policy [RFC5226]. 
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